1. Introduction

Since the publication of two influential papers on lazy evaluation in 1976 [Hend76, Frie76], the 
idea has gained widespread acceptance among language theoreticians — particularly among the 
advocates of "functional programming" [Hend80, Back78]. There are two basic reasons for the
popularity of lazy evaluation. First, by making some of the data constructors in a functional language 
non-strict, it supports programs that manipulate "infinite objects" such as recursively enumerable 
sequences; this may make some applications easier to program. Second, by delaying evaluation of 
arguments until they are actually needed, it may speed up computations involving ordinary finite 
objects. 

Despite the popularity of lazy evaluation, its semantics are deceptively complex. Although the 
implementation of lazy evaluation is easy to describe, its semantic consequences are not. In lazy 
domains, the existence of infinite objects nullifies the usual principle of structural induction for 
program data. Replacing conventional data constructors by their lazy counterparts profoundly changes 
the structure of the data domain. As a result, reasoning about programs defined over lazy spaces is 
a subtle, counterintuitive endeavor. Many simple theorems about ordinary data objects do not hold 
in the context of lazy evaluation. For example, although the function $\mathit{reverse} \circ \mathit{reverse}$ is the identity
function on ordinary linear lists, it does not equal the identity function in the context of lazy
evaluation; applying reverse to an infinite list yields the undefined object $\bot$. In response to these
issues, this paper develops a comprehensive semantic theory of lazy evaluation and explores several 
approaches to formalizing that theory within a programming logic. The paper includes four new 
interesting results. 

First, there are several semantically distinct definitions of lazy evaluation that plausibly capture 
the intuitive notion. In contrast to usual implementation-oriented approaches in the literature, we 
define lazy evaluation as a change in the value space over which computation is performed. We use 
a small collection of domain constructors from denotational semantics [Scot76, Scot81, Scot83] to
build abstract value spaces that correspond to the meanings of computations using various lazy 
constructors. Our abstract approach to defining lazy domains accommodates several distinct 
interpretations of the informal concept of lazy lists developed in the literature [Frie76, Hend76]. 
Apparently trivial programs produce radically different results under the different interpretations.

Second, non-trivial lazy spaces are similar in structure (under the approximation ordering) to
universal domains (as defined by Scott [Scot76]) such as the $P\omega$ model for the untyped lambda
calculus. Specifically, we show that $P\omega$ (with the standard primitive operations 0, succ, pred, cond,
K, S, and apply) is isomorphic to the simple lazy space $\mathit{Trivseq} = \mathit{Triv} \times \mathit{Trivseq}$ (with corresponding
primitive operations) where Triv is the trivial data domain consisting of two objects $\{\bot, \mathit{true}\}$ and
$\times$ denotes the standard cartesian product of two sets. The corresponding primitive operations on
Trivseq are recursively definable (using first order recursion equations) in terms of the constants true
and $\bot$, the constructor and selector functions for forming and tearing apart objects in Trivseq, and
the logical operations and and por (parallel or) on Triv. Hence, lazy trivial sequences (as defined
above) provide an elegant model of the (untyped) lambda calculus that is intuitively familiar to most
computer scientists.

Third, we prove that neither initial algebra specifications [ADJ76,77] nor final algebra 
specifications [Kami80] have the power to define lazy spaces. This result, which is surprisingly easy
to prove, establishes a fundamental limitation on the power of equational theories as data type 
specifications. 

Fourth, although lazy spaces have the same "higher-order" structure as $P\omega$, they nevertheless
have an elegant, natural characterization within first order logic. In this paper, we develop a simple, 
yet comprehensive, first order theory of lazy spaces relying on three axiom schemes asserting: 

• the principle of structural induction for finite objects; 

• the existence of least upper bounds for directed sets; and 

• the continuity of functions. 

To demonstrate the deductive power of the system, we show that there is a simple, natural translation 
of the higher-order logic LCF [Gord77] into our first order system. In addition, we derive a 
generalized induction rule (analogous to fixed point induction in LCF) for admissible predicates 
called lazy induction that extends conventional structural induction to lazy spaces, greatly simplifying 
the proof of many theorems. An instance of this generalized rule reduces to ordinary fixed point 
induction. 

The remainder of the paper is divided into eight sections. Section 2 provides a brief overview 
of Scott's theory of data domains [Scot76, Scot81, Scot83]. Section 3 develops the specific machinery
required to define the abstract semantics of lazy data domains. Using this machinery, Section 4 
presents a taxonomy of lazy lists, demonstrating that there are many semantically distinct data 
domains that capture the intuitive notion of lazy evaluation. Section 5 explores various approaches 
to formalizing our semantic definition of lazy domains within a logical theory. In Section 6, we
prove that algebraic specification is too weak to accomplish the task and that lazy spaces have the
same rich "higher-order" structure as $P\omega$. In Section 7, we present a simple first order theory for
lazy data domains and demonstrate that it is at least as powerful as the corresponding theory 
formulated in the higher-order logic LCF. Section 8 gives some sample program proofs using the 
first order theory developed in the preceding section. Finally, Section 9 assesses the intuitive 
significance of our results and speculates about promising directions for future research. 



2. Background 

2.1 Mathematical Foundations 

The following group of definitions rigorously describes our concept of data domain, which is an 
adaptation and distillation of several different expositions by Scott [Scot 76, 81, 83]. 

Definition: A partial order S is a pair $\langle |S|, \sqsubseteq \rangle$ consisting of a set $|S|$ of objects and a binary relation
$\sqsubseteq$ over $|S|$ such that:

(i) $\sqsubseteq$ is reflexive: $\forall x \in |S|\ \ x \sqsubseteq x$.

(ii) $\sqsubseteq$ is antisymmetric: $\forall x, y \in |S|\ \ x \sqsubseteq y \wedge y \sqsubseteq x \Rightarrow x = y$.

(iii) $\sqsubseteq$ is transitive: $\forall x, y, z \in |S|\ \ x \sqsubseteq y \wedge y \sqsubseteq z \Rightarrow x \sqsubseteq z$.

A subset $R \subseteq |S|$ is consistent iff there exists $u \in |S|$ such that $\forall r \in R\ \ r \sqsubseteq u$; u is called an upper
bound of R. A subset $R \subseteq |S|$ is directed iff every finite subset $E \subseteq R$ has an upper bound in
R.

Notation: Given a partial order S, we will use the symbol S as an abbreviation for the more
cumbersome notation $|S|$ whenever no confusion is possible. Hence $x \in S$ and $R \subseteq S$ abbreviate
$x \in |S|$ and $R \subseteq |S|$, respectively.

Definition: A (data) space S is a partial order with the following two properties:

(i) Every directed subset $R \subseteq S$ (including the empty set) has a least upper bound in S
(denoted $\mathrm{lub}_S R$). The least upper bound of the empty set is denoted by the special symbol
$\bot_S$ (pronounced "bottom").

(ii) S has a countable subset $B = \{b_i \in S \mid i \in N\}$ called the basis elements of S (the elements
in the enumeration $b_1, b_2, \ldots$ are not necessarily distinct; hence, B can be finite), such that:

(a) B is closed under the least upper bound operation on finite consistent subsets.

(b) Every element $x \in S$ is the least upper bound of the subset of B that approximates
it, i.e.,

$\forall x \in S\ \ x = \mathrm{lub}_S \{y \in B \mid y \sqsubseteq x\}$.

(c) Every basis element $x \in B$ is finite: for every directed subset C of B, $x \sqsubseteq \mathrm{lub}_S C$
implies that $\exists y \in S$ such that $x \sqsubseteq y$.

Theorem: A data space S has a unique basis; it consists of the finite elements of S.

Proof: By property (c) above, every basis element must be finite. To show that every finite element
must be a basis element, let e be an arbitrary finite element. Let E be the set $\{b \sqsubseteq e \mid b \in B\}$.
Since e is finite, there exists a finite subset $E' \subseteq E$ such that $\mathrm{lub}_S E' = e$. But $\mathrm{lub}_S E'$ must be a
basis element, because the basis is closed under least upper bounds on finite sets. $\Box$

Notation: When no confusion is possible, we will frequently omit the subscripts (identifying a space)
on the symbols lub and $\bot$.

Definition: An element s of a data space S is finitely-founded iff the set $\{x \in S \mid x \sqsubseteq s\}$ is finite.
A data space S is finitely-founded iff the finitely-founded elements of S form a basis for S. A data
space S is flat (industrious) iff for every element $y \in S$, $x \sqsubseteq y \Leftrightarrow (x = y \vee x = \bot)$. A finitely-founded
data space S is lazy iff it is not flat.

Although all lazy spaces are finitely-founded, many "higher-order" spaces (such as mappings 
from one lazy space to another) are not finitely-founded. 

Definition: An ideal over B is a set F such that:

(i) $\forall x, y \in F\ \ \mathrm{lub}\{x, y\} \in F$, and

(ii) $\forall x \in F,\ y \in B\ \ y \sqsubseteq x \Rightarrow y \in F$.

Definition: Two spaces $S_1, S_2$ with bases $B_1, B_2$ are isomorphic iff there exists a bijective (one-to-one
and onto) function $h: S_1 \to S_2$ such that:

(i) $h(B_1) = B_2$ and $h(\bot_1) = \bot_2$.

(ii) For any finite set $S \subseteq S_1$, S is consistent iff h(S) is consistent.

(iii) For any consistent set $S \subseteq S_1$, $h(\mathrm{lub}\ S) = \mathrm{lub}\ h(S)$.

Theorem: A data space S with basis B is isomorphic to the space $I(B)$ consisting of the set of ideals
over B under the partial ordering defined by the subset relation on ideals (which are simply sets of
basis elements).

Proof: The function $h: I(B) \to S$ defined by $h(F) = \mathrm{lub}_S F$ maps $I(B)$ onto S and clearly preserves
the approximation ordering on $I(B)$:

$F_1 \subseteq F_2 \Leftrightarrow \mathrm{lub}_S F_1 \sqsubseteq \mathrm{lub}_S F_2$

Similarly the function $h': S \to I(B)$ defined by:

$h'(x) = \{y \in B \mid y \sqsubseteq_S x\}$

maps S into $I(B)$ and preserves the approximation ordering on S. Moreover, it is obvious (from the
definition of a basis) that for all $x \in S$, $h(h'(x)) = x$.

To complete the proof, we must show that h' maps S onto $I(B)$, i.e., that for each $x \in S$, there
is a unique ideal $F_x$ in $I(B)$ such that $\mathrm{lub}_S F_x = x$. Assume that two distinct ideals F and G have
the same least upper bound in S. Without loss of generality, we can assume that $F - G$ is non-empty.
Let $w \in F - G$. Since w is a basis element, it is finite, implying that G (a directed set approximating
$w \sqsubseteq x$) contains an element v such that $w \sqsubseteq v$. Since G is an ideal, G must contain w, which is
an obvious contradiction.

Remarks: The preceding theorem shows that the structure of space S is completely determined by
the structure of B. In the neighborhood system formulation of domain theory [Scot 81], the elements
of a space are filters rather than ideals because each element of the universe is identified with a filter
of sets (called neighborhoods) that "contain" ($\supseteq$) rather than "approximate" ($\sqsubseteq$) the element.

Definition: Let S be an arbitrary data space with basis B. A function $f: S^{\#f} \to S$ is approximable iff:

$\forall x_1, \ldots, x_{\#f} \in S\ \ f(x_1, \ldots, x_{\#f}) = \mathrm{lub}\{f(b_1, \ldots, b_{\#f}) \mid b_1, \ldots, b_{\#f} \in B\ \bigwedge_{1 \le i \le \#f} b_i \sqsubseteq x_i\}$.

An approximable function $f: S^{\#f} \to S$ is strict iff the image of every argument list containing $\bot$ is
$\bot$, i.e.,

$\forall x_1, \ldots, x_{\#f} \in S\ \ x_1 = \bot \vee \ldots \vee x_{\#f} = \bot \Rightarrow f(x_1, \ldots, x_{\#f}) = \bot$.

Definition: A space R is a subspace of the space S iff:

(i) $|R| \subseteq |S|$, $\sqsubseteq_R \subseteq \sqsubseteq_S$, and $\bot_R = \bot_S$.

(ii) $|R| \cap B$ forms a basis for R.

(iii) For all directed subsets $R' \subseteq R$, $\mathrm{lub}_R R' = \mathrm{lub}_S R'$.

Remark: Some formulations of domain theory use a weaker definition of subspace. In particular, 
they omit condition (ii) and replace condition (iii) by a stipulation that the consistency relation in 
the subspace R agree with the consistency relation in the parent space S. In Section 2.5, we discuss
some of the implications of this alternative. 

Definition: Let G be a countable set of symbols. A domain D with signature G is a pair $\langle D, G \rangle$
consisting of a space D (called the universe) and an interpretation function G mapping each symbol
$g \in G$ into an approximable function g (called an operation) over D.

Definition: Two domains $D_1, D_2$ with signature G are isomorphic iff the spaces $D_1$ and $D_2$ are
isomorphic under a function $h: D_1 \to D_2$ and for each operation symbol $g \in G$,

$\forall x_1, \ldots, x_{\#g} \in D_1\ \ h(g_1(x_1, \ldots, x_{\#g})) = g_2(x_1, \ldots, x_{\#g})$

where $g_1$ and $g_2$ denote the interpretations of g in $D_1$ and $D_2$, respectively.

Definition: A domain E with signature H is a subdomain of the domain D with signature G iff:

(i) E is a subspace of D.

(ii) $H \subseteq G$ and for each operation symbol $h \in H$, $G_D(h)$ (the interpretation of h in D)
restricted to E is $G_E(h)$ (the interpretation of h in E).

The obvious difference between a space and a domain is that a domain identifies a collection of 
primitive operations — in addition to a universe of values — that form a set of building blocks for 
defining new functions over the universe. In contrast, a space leaves the possible operations on data 
unspecified. 

Notation: Given a domain D with signature G, we will frequently write G instead of G(G) to denote 
the set of functions over D interpreting the operation symbols G. 

2.2 Sample Spaces

Many common data spaces such as the natural numbers and ordinary (industrious) lists are
degenerate in the sense that they contain no limit points; in these spaces, every element is a basis
element. For example, let Nat be the natural numbers N under the partial ordering $\sqsubseteq_{Nat}$ defined
by:

$x \sqsubseteq_{Nat} y \Leftrightarrow x = y \vee x = \bot$.

Nat is a space with basis Nat. Similarly, let Bool, the space of Boolean truth values, be defined as
the set:

$\{\bot, \mathit{true}, \mathit{false}\}$

under the partial ordering $\sqsubseteq_{Bool}$ defined by:

$x \sqsubseteq_{Bool} y \Leftrightarrow x = y \vee x = \bot$.

An example of a more interesting space is $P\omega$, the power set of the natural numbers under the
partial ordering $\sqsubseteq$ determined by set inclusion. The finite (basis) elements of $P\omega$ are precisely the
finite sets of natural numbers.

2.3 Space Constructions 

In specifying data spaces, it is often convenient to construct composite spaces from simpler ones. 
There are two fundamental mechanisms for constructing composite spaces: the Cartesian product 
construction and the approximable function construction. We will discuss several other constructions 
later in the paper, but they are all based on these two mechanisms. 

We will define the two constructions without proving that the constructed spaces are well-formed. 
The interested reader is encouraged to verify that the constructions actually build legitimate data 
spaces. 

Definition: Given data spaces $S_1, S_2$ with bases $B_1, B_2$ and approximation orderings $\sqsubseteq_1, \sqsubseteq_2$, the
Cartesian product space $S_1 \times S_2$ is the data space determined by the basis set:

$\{(x, y) \mid x \in B_1,\ y \in B_2\}$

under the relation $\sqsubseteq$ defined by:

$(x_1, y_1) \sqsubseteq (x_2, y_2) \Leftrightarrow x_1 \sqsubseteq_1 x_2 \wedge y_1 \sqsubseteq_2 y_2$.

The bottom element of $S_1 \times S_2$ is $(\bot_1, \bot_2)$ where $\bot_1$ and $\bot_2$ denote the least elements of $S_1$ and
$S_2$.

Notation: In informal mathematics, no distinction is typically made between a unary function f
defined on the Cartesian product $S \times S$ and the corresponding binary function f over S. Since we
will be dealing with spaces S that contain $S \times S$ as a subspace, we cannot ignore the difference
between the two. Consequently, we will employ the following conventions. First, unless we explicitly
state otherwise, the expression $R \times S$ always denotes the Cartesian product space formed from R and
S. Second, the "exponentiated" expression $S^k$ denotes the domain of a k-ary function over the
universe S. To avoid unnecessary confusion, we will confine our attention to unary functions when
it is feasible.

The second fundamental space construction is the formation of the space of approximable 
mappings from one data space into another. An approximable mapping is a data object that denotes 
a function. 

Definition: Assume that we are given data spaces $S_1, S_2$ with bases $B_1, B_2$. A binary relation
$f \subseteq B_1 \times B_2$ is an approximable mapping from $S_1$ to $S_2$ iff:

(i) $f$ is consistent: for all $x \in B_1$, the set

$\{ y \in B_2 \mid \exists x' \in B_1\ [x' \sqsubseteq x \wedge x' f y] \}$ is consistent.

(ii) $f$ is directed-closed: for all $\langle x', y' \rangle \in B_1 \times B_2$, $(\exists \langle x, y \rangle \in f\ [x \sqsubseteq x' \wedge y' \sqsubseteq y]) \Rightarrow \langle x', y' \rangle \in f$.

Definition: Given an approximable mapping $f$ from $S_1$ to $S_2$, the function determined by $f$ is the
function $\mathrm{f}: S_1 \to S_2$ defined by:

$\mathrm{f}(x) = \mathrm{lub}\{ y \in B_2 \mid \exists x' \in B_1\ [x' \sqsubseteq x \wedge x' f y] \}$.

Observation: If $f$ is an approximable mapping from S to S, then the function $\mathrm{f}$ over S determined
by $f$ is approximable.

Definition: Given the spaces $S_1, S_2$ with corresponding bases $B_1, B_2$ and approximation orderings
$\sqsubseteq_1, \sqsubseteq_2$, the space of approximable mappings $S_1 \Rightarrow S_2$ is the space determined by the basis:

$\{ f \mid \exists$ finite consistent $f' \subseteq B_1 \times B_2$ such that $f$ is the directed closure of $f' \}$

under the partial ordering $\sqsubseteq$ defined by:

$f_1 \sqsubseteq f_2 \Leftrightarrow \forall x \in B_1\ \ \mathrm{f}_1(x) \sqsubseteq_2 \mathrm{f}_2(x)$.

The least element of $S_1 \Rightarrow S_2$ is the relation $\{(b_i, \bot_2) \mid b_i \in B_1\}$ which is the directed closure of the
empty relation; it determines the everywhere "undefined" function $\Omega$ defined by $\lambda x.\ \bot_2$.

Theorem: For any data space S that contains a subspace isomorphic to $S \Rightarrow S$, there is an approximable
function Apply over S such that for every approximable mapping $f \in S \Rightarrow S$ and corresponding
function $\mathrm{f}: S \to S$:

$\forall x \in S\ \ \mathrm{Apply}(f, x) = \mathrm{f}(x)$.

Proof: Let Apply be defined by the equation $\mathrm{Apply}(f, x) = \mathrm{lub}\{b \in B \mid \exists (u, b) \in f\ \ u \sqsubseteq x\}$. The
theorem follows immediately from the definition of the function $\mathrm{f}$ determined by $f$. $\Box$

Although we have only defined the notion of approximable mappings corresponding to unary
functions, there is a standard transformation (usually called currying) that converts a multiple argument
function $f: S^{\#f} \to S$ to an equivalent unary function $f: S \to [S \to \ldots \to [S \to S] \ldots]$ defined by the
lambda expression:

$\lambda x_1 \ldots \lambda x_{\#f} .\ f(x_1, \ldots, x_{\#f})$.

2.4 Computability 

In order to formalize the idea of computable mappings (functions) on a data space, we must 
identify a concrete representation for the elements of the space. 

Definition: An effective presentation of a data space S is an enumeration $B = \langle b_i \mid i \in N \rangle$ of the
basis of S (the elements in the enumeration are not necessarily distinct) such that:

(i) The binary relation CON defined by $\mathrm{CON}(i, j) \Leftrightarrow (\exists k\ \ b_i \sqsubseteq b_k \wedge b_j \sqsubseteq b_k)$ is recursive.

(ii) The ternary relation LUB defined by $\mathrm{LUB}(i, j, k) \Leftrightarrow (b_k = \mathrm{lub}\{b_i, b_j\})$ is recursive.

The enumeration B is called an effective presentation of S.

Theorem: Given effective presentations $B_1, B_2$ for the spaces $S_1, S_2$, we can construct effective
presentations for $S_1 \times S_2$ and $S_1 \Rightarrow S_2$.

Proof: Omitted. 

A subspace S of an effectively presented space $\mathbf{S}$ (with presentation $B = \langle b_i \mid i \in N \rangle$) is effective
iff the index set for the basis of $\mathbf{S}$, $\{i \mid b_i \in \mathbf{S}\}$, is recursively enumerable.

Notation: We will use italicized identifiers A, B, ... to denote effective presentations and the matching 
Roman identifiers A, B, ... to denote the corresponding sets of basis elements. 

In an abstract implementation of an effectively presented space $\mathbf{S}$, each element x of the universe
is represented by a natural number x^ encoding the index set $\mathrm{In}(x) = \{i_1, i_2, \ldots\}$ of the set of basis
elements $\{b_{i_1}, b_{i_2}, \ldots\}$ approximating x. More precisely, there is a binary total recursive function β
such that for all $x \in \mathbf{S}$, λk . β(x^, k) has range In(x). In this context, a computable function f over
$\mathbf{S}$ is implemented by a #f-ary partial recursive function f^ such that for all $x_1, \ldots, x_{\#f} \in \mathbf{S}$, the
function λk . β(f^(x_1^, ..., x_#f^), k) has range In(f^(x_1, ..., x_#f)).

Given the preceding motivation, we formalize the notions of computable function and computable 
mapping as follows: 

Definition: An approximable mapping $f$ is computable iff it is recursively enumerable, using the
indices given in the enumerations $B_1, B_2$ to name elements in $B_1$ and $B_2$. The function $\mathrm{f}$ determined
by an approximable mapping $f$ from $S_1$ into $S_2$ is computable iff $f$ is computable.

A computable function $\mathrm{f}: S_1 \to S_2$ is "computable" in the sense that given an arbitrary element
$x \in S_1$ (represented by the code x^), we can enumerate the set of basis elements that approximate
the image element $\mathrm{f}(x) \in S_2$.

Definition: A data domain $D = \langle D, G \rangle$ is computable iff there exists an effective presentation B
for D such that every operation $g \in G$ is computable. An element $d \in D$ is accessible iff the index
set of the ideal of basis elements approximating d is recursively enumerable. An element $d \in D$
is definable in D iff there is a variable-free term $p_d$ constructed from the operation symbols in G
such that $p_d$ denotes d. A function $f: D^n \to D$ is recursively definable in D iff there is a term $\tau_f$
composed solely from the free variables $x_1, \ldots, x_n$ and the operations G such that f is the least
function (using the approximation ordering on the corresponding mappings in $D^n \Rightarrow D$) satisfying
the equation (called a recursive program for f):

(*) $f(x_1, \ldots, x_n) = \tau_f$.

The domain D is expressive iff every accessible element of D is definable in D. The domain D is
computationally complete iff every computable function $f: D^n \to D$ $(n > 0)$ is recursively definable in
D. D is reflexively complete iff the following three properties hold:

(i) $D \Rightarrow D$ is isomorphic to a subspace $\mathrm{Map}_D$ of D.

(ii) Every accessible element of $\mathrm{Map}_D$ is definable in D.

(iii) The function $\mathrm{Apply}: D \to D$ defined in the previous section is recursively definable in
D.

Remarks: By Kleene's recursion theorem, the least function f satisfying the equation (*) must exist
since it is simply the least fixed-point of the approximable function $F: [D^n \to D] \to [D^n \to D]$
denoted by the lambda expression:

$\lambda f .\ \lambda x_1, \ldots, x_n .\ \tau_f$.

Observation: If a domain D is reflexively complete, then it is computationally complete. A 
particularly appealing property of Scott's theory of data domains is that the set of approximable 
mappings between effectively presented spaces is an effectively presentable space in its own right. 
Moreover, the set of computable mappings within this space are precisely the accessible elements of 
the space. We will discuss this issue in more detail below. In this paper, we will be exclusively 
concerned with computable spaces and domains. 

2.5 Retractions on the Universal Domain 

A fairly rich collection of spaces can be constructed by starting with a few very simple primitive 
spaces (such as Nat and Bool) and constructing more complex spaces by composing the Cartesian 
product and approximable mapping space constructions. However, it is easy to devise spaces such 
as infinite cartesian products of primitive spaces that are beyond the scope of this simple scheme.
Scott has developed a much more comprehensive approach to the problem of constructing spaces 
based on the concept of a universal space. 

Definition: A universal space U is a computable space with effective presentation B such that every 
data space D is isomorphic to a subspace S of U. Moreover, if D is effectively presented, then S 
must be an effective subspace of U. 

Since every space D has an isomorphic image S within the universal space, the problem of 
defining an arbitrary space can be reduced to defining an arbitrary subspace of a particular universal 
space. A simple, elegant way to identify an arbitrary (computable) subspace S of a universal space 
is to define a (computable) retraction characterizing S. 

Definition: A retraction on U is a strict approximable function $a: U \Rightarrow U$ such that $a \circ a = a$. A
retraction a is finitary iff the image a(U) is a subspace of U. A retraction is a projection iff it
preserves basis elements and least upper bounds. In other words, a must satisfy the following two
properties:

(i) $\forall b \in B\ \ a(b) \in B$.

(ii) $\forall$ consistent $u, v \in B\ \ a(\mathrm{lub}\{u, v\}) = \mathrm{lub}\{a(u), a(v)\}$.

The range of a (finitary) retraction a is called the (finitary) retract of a.

Remark: A projection is clearly a special form of finitary retraction. 

Theorem: For every subspace S of a universal space U, there is a projection a with retract S. 

Proof: The projection a is defined by $a(x) = \{b \in B \mid b \in S \wedge b \sqsubseteq x\}$. It is easy to verify that
$a(U) = S$. $\Box$

Remark: The reader should be aware that we are using a very strong definition of subspace, which 
imposes severe restrictions on the structure of a universal space (e.g., it cannot be finitely-founded). 
In fact, by our definition of subspace, the well known "universal" space $T^\omega$ is not universal. If we
weaken the definition of subspace as discussed in Section 2.1, then $T^\omega$ is universal and the preceding
theorem no longer holds. In this case, the basis elements of a subspace $S \subseteq U$ may be infinite in
U (even though they must be finite in S). Moreover, there is no suitable notion of a canonical 
retraction (analogous to a projection) characterizing an arbitrary subspace. For this reason, we prefer 
the strong definition of subspace. 

Definition: A universal domain U is a reflexively complete domain $\langle U, G \rangle$ such that the universe U
is a universal space.

Remark: Given a universal space U, we can construct a universal domain by identifying a finite set
of functions G over U such that:

(i) the Apply operation is recursively definable in $\langle U, G \rangle$, and

(ii) every recursively enumerable element of U is denoted by some variable-free term formed
from G.

Moreover, since $U \Rightarrow U$ is isomorphic to a subspace of U and U is reflexively complete, there is a
term $p_g$ (composed from G) for each operation g that is recursively definable in $\langle U, G \rangle$, such that:

$\forall x_1, \ldots, x_{\#g} \in U\ \ \mathrm{Apply}((\ldots \mathrm{Apply}(p_g, x_1), \ldots), x_{\#g}) = g(x_1, \ldots, x_{\#g})$.

Notation: To simplify the syntax of expressions over a universal domain U, we will adopt the
following conventions. First, since there is an element $p_f$ within U corresponding to every recursively
definable operation f, we will use the mapping $p_f$ in place of each operation f other than constants
and the special operation Apply. Hence, instead of the expression $f(x, y)$ we will write
$\mathrm{Apply}(\mathrm{Apply}(p_f, x), y)$. Second, we will abbreviate every application of the form $\mathrm{Apply}(u, v)$ by $(u\ v)$. Third, we will
elide parentheses by making application left associative; hence $u\ v\ w$ abbreviates $((u\ v)\ w)$. Finally,
we will abbreviate applications of the form $f\ (g\ x)$ by $f \circ g\ x$. This notation is consistent with the
conventions usually employed in the untyped lambda calculus [Bare77].

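Although there are many different possible formulations of the universal domain, the particular
choice is unimportant. Given an arbitrary universal domain U with basis B, we can recursively
define (in terms of the primitive operations G on the universal domain) the basic set of operations
$O_{lazy}$ that we need to construct lazy spaces. $O_{lazy}$ consists of the projection mappings $R_{Bool}$, $R_\times$,
and $R_\Rightarrow$ identifying the subspaces Bool ($\{\mathit{true}, \mathit{false}, \bot\}$), $U \times U$, and $U \Rightarrow U$, and the mappings:

$\mathit{true}, \mathit{false}: Bool$

$\delta: U \Rightarrow Bool$

$\mathit{if\text{-}then\text{-}else}: Bool \Rightarrow (U \Rightarrow (U \Rightarrow U))$

$\mathit{and}: Bool \Rightarrow (Bool \Rightarrow Bool)$

$\mathit{or}: Bool \Rightarrow (Bool \Rightarrow Bool)$

$\mathit{por}: Bool \Rightarrow (Bool \Rightarrow Bool)$

$\mathit{not}: Bool \Rightarrow Bool$

$\mathit{pair}: U \Rightarrow (U \Rightarrow U \times U)$

$\mathit{left}: U \times U \Rightarrow U$

$\mathit{right}: U \times U \Rightarrow U$

$S: (U \Rightarrow U) \Rightarrow ((U \Rightarrow U) \Rightarrow (U \Rightarrow U))$

$K: U \Rightarrow (U \Rightarrow U)$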
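
satisfying the axioms:

$\delta\ \bot = \bot$

$x \neq \bot \Rightarrow (\delta\ x) = \mathit{true}$

$\mathit{if\text{-}then\text{-}else}\ \mathit{true}\ x\ y = x$

$\mathit{if\text{-}then\text{-}else}\ \mathit{false}\ x\ y = y$

$\mathit{if\text{-}then\text{-}else}\ \bot\ x\ y = \bot$

$\mathit{and}\ x\ y = \mathit{if\text{-}then\text{-}else}\ x\ y\ \mathit{false}$

$\mathit{or}\ x\ y = \mathit{if\text{-}then\text{-}else}\ x\ \mathit{true}\ y$

$x \neq \mathit{true} \wedge y \neq \mathit{true} \Rightarrow (\mathit{por}\ x\ y) = (\mathit{or}\ x\ y)$

$x = \mathit{true} \vee y = \mathit{true} \Rightarrow (\mathit{por}\ x\ y) = \mathit{true}$

$\mathit{not}\ x = \mathit{if\text{-}then\text{-}else}\ x\ \mathit{false}\ \mathit{true}$

$R_\times\ x = x \Rightarrow \mathit{pair}\ (\mathit{left}\ x)\ (\mathit{right}\ x) = x$

$\mathit{left}\ (\mathit{pair}\ x\ y) = x$

$\mathit{right}\ (\mathit{pair}\ x\ y) = y$

$R_\Rightarrow f = \lambda x.\ \mathrm{lub}\{y \in B \mid \exists u \in B\ \ u \sqsubseteq x \wedge u f y\}$

$S\ x\ y\ z = x\ z\ (y\ z)$

$K\ x\ y = x$.

The notation $f: S_1 \Rightarrow S_2$ means that f is a mapping in $U \Rightarrow U$ such that $\forall x \in S_1\ \ f\ x \in S_2$. The
behavior of f on points outside of the space $S_1$ is not specified.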

With the exception of por, S, and K, these mappings are generalizations of familiar operations
from lazy LISP (where left, right, and pair correspond to car, cdr, and cons). The declared domain
for each mapping is its intended domain of usage. Each mapping is actually defined over the entire
universal space U; space declarations are enforced by projecting argument values outside the declared
domain onto the declared domain D (using the projection mapping $R_D$).

Since $O_{lazy}$ includes the Apply operation and the S and K mappings, we can form a variable-free
term that denotes the mapping corresponding to any function that is recursively definable in terms
of the operations $O_{lazy}$. It is well known [Bare77] that any closed term (no free variables) in the
(untyped) lambda calculus can be expressed as a composition of the operations S and K. Moreover,
the least fixed point operator $Y: (U \to U) \to U$ that maps an approximable function into its least
fixed point is defined by the lambda expression:

$\lambda f .\ (\lambda x.\ f(x\ x))\ (\lambda x.\ f(x\ x))$.

The corresponding mapping Y is defined by:

$Y = S\ a\ a$
$I = S\ K\ K$
$a = (S(S(KS)(S(KK)I))(S(KS)(KI))(KI))$.

Consequently, the mapping corresponding to an arbitrary recursive definition:

$f(x_1, \ldots, x_{\#f}) = \tau_f$

is simply:

$Y\ (\lambda^* x_1 \ldots \lambda^* x_{\#f} .\ \tau_f)$

where $\lambda^* x .\ a$ denotes the term (formed using S and K) signifying the mapping corresponding to
the function $\lambda x .\ a$.

Notation: As a notational convenience, we will use lambda expressions (without the * exponent) to
denote mappings instead of compositions of S and K; they are much easier to read. On a formal
level, these lambda expressions simply abbreviate the corresponding compositions of S and K.
Similarly, we will elide applications of the Y operator by using the equation:

$f = \tau[f]$

to abbreviate the recursive definition:

$f = Y(\lambda f .\ \tau[f])$.

We will also use the standard infix abbreviations for applications of Boolean mappings:

if x then y else z = if-then-else x y z
x and y = and x y
x or y = or x y
x por y = por x y.

3. The Construction of Lazy Spaces 

In constructing a composite space (such as a Cartesian product or discriminated union) from 
component spaces, we must decide how to form the bottom element of the composite space, i.e., 
determine which constructed objects are identified with the undefined composite object. This decision
implicitly determines whether the composite space corresponds to lazy or industrious computation. 

Let $D_1$ and $D_2$ be arbitrary computable subspaces of our universal space U characterized by the
projection mappings $R_1$ and $R_2$ in $U \Rightarrow U$. Using the Cartesian mapping $\mathit{pair}: U \Rightarrow (U \Rightarrow U \times U)$, we
can form a surprisingly wide variety of simple composite spaces using the following space constructions.

3.1 Ordinary product 

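$D_1 \times D_2 = \{\langle x, y \rangle \mid x \in D_1,\ y \in D_2\}$.

The corresponding basic mappings are:

$P_\times: D_1 \Rightarrow (D_2 \Rightarrow D_1 \times D_2) = \lambda x.\ \lambda y.\ \mathit{pair}\ x\ y$

$\mathit{fst}_\times: D_1 \times D_2 \Rightarrow D_1 = \lambda z.\ \mathit{left}\ z$

$\mathit{snd}_\times: D_1 \times D_2 \Rightarrow D_2 = \lambda z.\ \mathit{right}\ z$

$R_\times: U \Rightarrow D_1 \times D_2 = \lambda x.\ P_\times\ (R_1 \circ \mathit{fst}_\times\ x)\ (R_2 \circ \mathit{snd}_\times\ x)$.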

3.2 Coalesced product 

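$D_1 \otimes D_2 = \{\langle x, y \rangle \mid x \in D_1,\ y \in D_2,\ x \neq \bot,\ y \neq \bot\} \cup \{\bot\}$.

The corresponding basic mappings are:

$P_\otimes: D_1 \Rightarrow (D_2 \Rightarrow D_1 \otimes D_2) = \lambda x.\ \lambda y.\ \mathit{if}\ \delta x\ \mathit{and}\ \delta y\ \mathit{then}\ \mathit{pair}\ x\ y\ \mathit{else}\ \bot$

$\mathit{fst}_\otimes: D_1 \otimes D_2 \Rightarrow D_1 = \lambda z.\ \mathit{left}\ z$

$\mathit{snd}_\otimes: D_1 \otimes D_2 \Rightarrow D_2 = \lambda z.\ \mathit{right}\ z$

$R_\otimes: U \Rightarrow D_1 \otimes D_2 = \lambda x.\ \mathit{if}\ \delta x\ \mathit{then}\ P_\otimes\ (R_1 \circ \mathit{fst}_\otimes\ x)\ (R_2 \circ \mathit{snd}_\otimes\ x)\ \mathit{else}\ \bot$.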

3.3 Separated product 

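$D_1 \boxtimes D_2 = \{\langle \mathit{true}, \langle x, y \rangle \rangle \mid x \in D_1,\ y \in D_2\}$.

The corresponding basic mappings are:

$P_\boxtimes: D_1 \Rightarrow (D_2 \Rightarrow D_1 \boxtimes D_2) = \lambda x.\ \lambda y.\ \mathit{pair}\ \mathit{true}\ (\mathit{pair}\ x\ y)$

$\mathit{fst}_\boxtimes: D_1 \boxtimes D_2 \Rightarrow D_1 = \lambda z.\ \mathit{left} \circ \mathit{right}\ z$

$\mathit{snd}_\boxtimes: D_1 \boxtimes D_2 \Rightarrow D_2 = \lambda z.\ \mathit{right} \circ \mathit{right}\ z$

$R_\boxtimes: U \Rightarrow D_1 \boxtimes D_2 = \lambda x.\ P_\boxtimes\ (R_1 \circ \mathit{fst}_\boxtimes\ x)\ (R_2 \circ \mathit{snd}_\boxtimes\ x)$.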

3.4 Coalesced sum 

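$D_1 \oplus D_2 = \{\langle \mathit{true}, x\rangle \mid x \in D_1,\ x \neq \bot\} \cup \{\langle \mathit{false}, y\rangle \mid y \in D_2,\ y \neq \bot\} \cup \{\bot\}$. 

The corresponding basic mappings are: 

$\mathit{inL}_\oplus : D_1 \Rightarrow D_1 \oplus D_2 = \lambda x.\ \text{if } \delta x \text{ then } \mathit{pair}\ \mathit{true}\ x \text{ else } \bot$

$\mathit{inR}_\oplus : D_2 \Rightarrow D_1 \oplus D_2 = \lambda x.\ \text{if } \delta x \text{ then } \mathit{pair}\ \mathit{false}\ x \text{ else } \bot$

$\mathit{outL}_\oplus : D_1 \oplus D_2 \Rightarrow D_1 = \lambda z.\ \mathit{right}\ z$

$\mathit{outR}_\oplus : D_1 \oplus D_2 \Rightarrow D_2 = \lambda z.\ \mathit{right}\ z$

$\mathit{isL}_\oplus : D_1 \oplus D_2 \Rightarrow \mathit{Bool} = \lambda z.\ \mathit{left}\ z$

$\mathit{isR}_\oplus : D_1 \oplus D_2 \Rightarrow \mathit{Bool} = \lambda z.\ \mathit{not} \circ \mathit{left}\ z$

$R_\oplus : U \Rightarrow D_1 \oplus D_2 = \lambda x.\ \text{if } \mathit{isL}_\oplus\ x \text{ then } \mathit{inL}_\oplus \circ R_1 \circ \mathit{outL}_\oplus\ x \text{ else } \mathit{inR}_\oplus \circ R_2 \circ \mathit{outR}_\oplus\ x$. 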

3.5 Separated sum 

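$D_1 + D_2 = \{\langle \mathit{true}, x\rangle \mid x \in D_1\} \cup \{\langle \mathit{false}, y\rangle \mid y \in D_2\} \cup \{\bot\}$. 

The corresponding basic mappings are: 

$\mathit{inL}_+ : D_1 \Rightarrow D_1 + D_2 = \lambda x.\ \mathit{pair}\ \mathit{true}\ x$

$\mathit{inR}_+ : D_2 \Rightarrow D_1 + D_2 = \lambda y.\ \mathit{pair}\ \mathit{false}\ y$

$\mathit{outL}_+ : D_1 + D_2 \Rightarrow D_1 = \lambda z.\ \mathit{right}\ z$

$\mathit{outR}_+ : D_1 + D_2 \Rightarrow D_2 = \lambda z.\ \mathit{right}\ z$

$\mathit{isL}_+ : D_1 + D_2 \Rightarrow \mathit{Bool} = \lambda z.\ \mathit{left}\ z$

$\mathit{isR}_+ : D_1 + D_2 \Rightarrow \mathit{Bool} = \lambda z.\ \mathit{not} \circ \mathit{left}\ z$

$R_+ : U \Rightarrow D_1 + D_2 = \lambda x.\ \text{if } \mathit{isL}_+\ x \text{ then } \mathit{inL}_+ \circ R_1 \circ \mathit{outL}_+\ x \text{ else } \mathit{inR}_+ \circ R_2 \circ \mathit{outR}_+\ x$. 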

3.6 Lifted space 

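$D^\dagger = \{\langle \mathit{true}, x\rangle \mid x \in D\} \cup \{\bot\}$. 

Let $R_D$ be the projection mapping corresponding to $D$. The basic mappings corresponding to $D^\dagger$ 
are: 

$\mathit{delay} : D \Rightarrow D^\dagger = \lambda x.\ \mathit{pair}\ \mathit{true}\ x$

$\mathit{force} : D^\dagger \Rightarrow D = \lambda z.\ \mathit{right}\ z$

$R_\dagger : U \Rightarrow U = \lambda x.\ \mathit{delay} \circ R_D \circ \mathit{force}\ x$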

In constructing products and unions, there are three plausible symmetric ways to handle 
composite objects containing an undefined component: 

1. A composite object (e.g., an ordered pair) containing an undefined component is identified 
with the undefined object in the constructed space. Coalesced products ($\otimes$) and sums ($\oplus$) 
obey this convention. 

2. A constructed object containing at least one defined component is distinguished from the 
bottom element of the composite space. In this case, two such objects are equal only if all of 
their corresponding components are equal. Ordinary Cartesian products ($\times$) obey this 
convention. 

3. A composite object is always distinguished from the bottom element of the constructed 
space. In this case, the bottom element is outside the range of the constructor function 
corresponding to the composite space. Separated products ($\boxtimes$), separated sums ($+$), and 
lifted spaces ($\dagger$) all obey this convention. 

Each of these three different approaches to constructing composite data objects corresponds to 
a different evaluation protocol (sometimes called a "computation rule" [Manna 74]) for evaluating 
applications of constructor functions to argument expressions. The first scheme corresponds to 
conventional "call-by-value" computation: evaluate all argument expressions before forming the 
composite object. The second scheme corresponds to dovetailing the evaluation of all argument 
expressions until one of them converges, and forming a composite lazy object (where the arguments 
other than the one that converged remain unevaluated as closures [Hend80]). The third scheme 
corresponds to forming a composite lazy object without evaluating any of the argument expressions. 

In a lazy composite object, unevaluated arguments are evaluated only when the corresponding 
selector function (e.g., car and cdr in lazy LISP) is applied to the composite object. If such an 
application does not occur in the course of executing a program, the corresponding argument is never 
evaluated. 

The lifting operator $\dagger$ provides an explicit mechanism for constructing a space of "suspended" 
or "unevaluated" elements corresponding to a given space D. Note that the composition of the lifted 
space construction with the coalesced product construction is identical to the separated product 
construction, i.e., 

$D_1 \boxtimes D_2 = D_1^\dagger \otimes D_2^\dagger$. 

Similarly, the separated sum construction can be defined in terms of the appropriate composition of 
the lifting operator with the coalesced sum construction: 

$D_1 + D_2 = D_1^\dagger \oplus D_2^\dagger$. 

Consequently, without loss of generality, we can confine our attention (when it is convenient) to the 
four space constructors: $\times$ (ordinary product), $\otimes$ (coalesced product), $\oplus$ (coalesced sum), and $\dagger$ 
(lifting operator). 
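The constructions of this section can be checked mechanically on small flat domains. The following is an added example, not part of the original paper: it builds each composite space as a finite set, models the undefined object as Python's None, and verifies the two lifting identities stated above as order isomorphisms. The sample domains and all function names are this example's own, and the undefined object is added to the separated product explicitly (an assumption, matching the definitions of the separated sum and the lifted space).

```python
BOT = None  # constructed stand-in for the undefined object

def pair(x, y):
    """Pairing in the universal space: only <BOT, BOT> is itself undefined."""
    return BOT if x is BOT and y is BOT else (x, y)

def left(z):
    return BOT if z is BOT else z[0]

def right(z):
    return BOT if z is BOT else z[1]

def leq(a, b):
    """Approximation ordering on the finite elements constructed below."""
    if a is BOT:
        return True
    if isinstance(a, tuple) and isinstance(b, tuple):
        return leq(a[0], b[0]) and leq(a[1], b[1])
    return a == b

# The three pairing constructors, one per convention for undefined components.
def p_coalesced(x, y):   # convention 1: any undefined component gives bottom
    return pair(x, y) if x is not BOT and y is not BOT else BOT

def p_ordinary(x, y):    # convention 2: bottom only if every component is undefined
    return pair(x, y)

def p_separated(x, y):   # convention 3: the result is never bottom
    return pair(True, pair(x, y))

def space(constructor, d1, d2):
    """Range of a pairing constructor over d1 and d2, together with bottom."""
    return {constructor(x, y) for x in d1 for y in d2} | {BOT}

def lifted(d):
    return {pair(True, x) for x in d} | {BOT}

def separated_sum(d1, d2):
    return {pair(True, x) for x in d1} | {pair(False, y) for y in d2} | {BOT}

def coalesced_sum(d1, d2):
    return ({pair(True, x) for x in d1 if x is not BOT}
            | {pair(False, y) for y in d2 if y is not BOT} | {BOT})

def h_prod(z):
    """Separated product -> coalesced product of the lifted components."""
    if z is BOT:
        return BOT
    body = right(z)
    return (pair(True, left(body)), pair(True, right(body)))

def h_sum(z):
    """Separated sum -> coalesced sum of the lifted components."""
    return BOT if z is BOT else (left(z), pair(True, right(z)))

def is_order_iso(h, src, dst):
    """True when h is a bijection src -> dst preserving and reflecting leq."""
    image = {h(x) for x in src}
    return (image == dst and len(image) == len(src)
            and all(leq(a, b) == leq(h(a), h(b)) for a in src for b in src))

def check_identities(d1, d2):
    """Sizes of each composite space and the status of both lifting identities."""
    return {
        "coalesced": len(space(p_coalesced, d1, d2)),
        "ordinary": len(space(p_ordinary, d1, d2)),
        "separated": len(space(p_separated, d1, d2)),
        "product_identity": is_order_iso(
            h_prod, space(p_separated, d1, d2),
            space(p_coalesced, lifted(d1), lifted(d2))),
        "sum_identity": is_order_iso(
            h_sum, separated_sum(d1, d2),
            coalesced_sum(lifted(d1), lifted(d2))),
    }

if __name__ == "__main__":
    # Constructed sample domains: two flat domains with one and two atoms.
    print(check_identities({BOT, "a"}, {BOT, "b", "c"}))
```
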



4. A Taxonomy of Lists 

The variety of mechanisms available for constructing lazy spaces suggests that there may be 
several different lazy spaces that correspond to an ordinary (industrious) recursive data space (such 
as lists) — each with subtly different properties. In fact, the number of semantically distinct possibilities 
is surprisingly large. We will illustrate this phenomenon by studying list spaces in detail. In 
particular, we are interested in determining and classifying the possible lazy variations on the domain 
consisting of the retract List: 

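(0) $\mathit{List} = \mathit{Atom} \oplus (\mathit{List} \otimes \mathit{List})$, 

and the set of operations $O_{List}$: 

$\bot : \mathit{List}$

$\bot_{At} : \mathit{List}$

$\bot_{Pa} : \mathit{List}$

$t, f, A_1, A_2, \ldots : \mathit{List}$

$\mathit{cons} : \mathit{List}^2 \to \mathit{List}$

$\mathit{car} : \mathit{List} \to \mathit{List}$

$\mathit{cdr} : \mathit{List} \to \mathit{List}$

$\mathit{cond} : \mathit{List}^3 \to \mathit{List}$

$\mathit{isAtom} : \mathit{List} \to \mathit{List}$

$\mathit{isPair} : \mathit{List} \to \mathit{List}$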

where $t, f, A_1, A_2, \ldots$ are constants denoting Lists that are atoms. We presume that Atom is an 
unspecified flat, expressive subdomain of U including the elements true and false and a set of objects 
Nat isomorphic to the natural numbers. 

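The space List defined in equation (0) is the retract characterized by the projection mapping: 

$R_{List} = \lambda u.\ \text{if } \mathit{isL}_\oplus\ u \text{ then } \mathit{inL}_\oplus \circ R_{Atom} \circ \mathit{outL}_\oplus\ u \text{ else } \mathit{inR}_\oplus \circ P_\otimes\ (R_{List} \circ \mathit{fst}_\otimes \circ \mathit{outR}_\oplus\ u)\ (R_{List} \circ \mathit{snd}_\otimes \circ \mathit{outR}_\oplus\ u)$

where $R_{Atom}$ is the retraction for Atom. In accordance with the conventions we adopted in Section 
2.5, we will define the mappings in U determining the operations $O_{List}$. The elements (mappings) 
of U denoting the operations in $O_{List}$ are defined by: 

$\bot = \bot$

$\bot_{At} = \mathit{inL}_\oplus\ \bot$

$\bot_{Pa} = \mathit{cons}\ \bot\ \bot$

$t = \mathit{inL}_\oplus\ \mathit{true}$

$f = \mathit{inL}_\oplus\ \mathit{false}$

$A_i = \mathit{inL}_\oplus(a_i)$

where $a_i$ denotes the appropriate element of Atom. 

$\mathit{cons} = \lambda x.\ \lambda y.\ \mathit{inR}_\oplus \circ P_\otimes\ x\ y$

$\mathit{car} = \lambda x.\ \mathit{fst}_\otimes \circ \mathit{outR}_\oplus\ x$

$\mathit{cdr} = \lambda x.\ \mathit{snd}_\otimes \circ \mathit{outR}_\oplus\ x$

$\mathit{cond} = \lambda x.\ \lambda y.\ \lambda z.\ \text{if } \mathit{isL}\ x \text{ then } y \text{ else } z$

$\mathit{isAtom} = \lambda x.\ \text{if } \mathit{isL}\ x \text{ then } t \text{ else } f$

$\mathit{isPair} = \lambda x.\ \text{if } \mathit{isR}\ x \text{ then } t \text{ else } f$

$\mathit{isPair} = \lambda x.\ \mathit{isR}\ x$. 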

In the process of classifying lazy variations on the domain List, we will identify which one 
corresponds to the implementation-oriented semantics for Lazy LISP presented in the literature 
[Hend76, Frie76]. Our investigation will demonstrate that apparently innocuous variations in the 
definition of recursive data spaces have profound semantic consequences. 

The obvious syntactic variations on the industrious List space defined above replace $\oplus$ by $+$, 
or $\otimes$ by $\times$ or $\boxtimes$. The variant spaces are: 

(1) $\mathit{List} = \mathit{Atom} + (\mathit{List} \times \mathit{List})$

(2) $\mathit{List} = \mathit{Atom} + (\mathit{List} \otimes \mathit{List})$, 

(3) $\mathit{List} = \mathit{Atom} \oplus (\mathit{List} \times \mathit{List})$

(4) $\mathit{List} = \mathit{Atom} \oplus (\mathit{List} \boxtimes \mathit{List})$

(5) $\mathit{List} = \mathit{Atom} + (\mathit{List} \boxtimes \mathit{List})$

In each variant domain, the primitive operations $O_{List}$ are defined in the obvious way analogous to 
their definition in domain (0). For example, in variation (1), the functions cons, car, cdr are 
determined by the following mappings: 

$\mathit{cons} = \lambda x.\ \lambda y.\ \mathit{inR}_+ \circ P_\times\ x\ y$

$\mathit{car} = \lambda x.\ \mathit{fst}_\times \circ \mathit{outR}_+\ x$

$\mathit{cdr} = \lambda x.\ \mathit{snd}_\times \circ \mathit{outR}_+\ x$

We will subsequently consider other possible variations that involve the explicit use of the $\dagger$ operator. 
As a gross categorization, we can classify list spaces on the basis of whether they accommodate 
infinite lists. The ordinary industrious space (0) does not, but all of the lazy variants (1)-(5) do. For 
example, the list zeros defined by the equation: 

$\mathit{zeros} = \mathit{cons}\ 0\ \mathit{zeros}$

denotes the undefined element $\bot$ of the industrious space (0) while it denotes a linear list of 0's in 
each of the other spaces (1)-(5). 

Within the class of spaces that support infinite objects, there are significant differences in the 
kinds of infinite and undefined objects that can appear within infinite and partial objects. By 
applying this form of analysis, we can demonstrate that the first four spaces (1)-(4) have fundamentally 
different internal structure. We can also show that space (5) is distinct from the other spaces, but 
the difference between it and space (1) is not significant because the two spaces (and corresponding 
domains) are isomorphic. 

In space (1), lists can contain undefined atoms (the element $\langle \mathit{true}, \bot\rangle$), undefined pairs (the 
element $\langle \mathit{false}, \bot\rangle$), and undefined lists ($\bot$). In space (2), lists can contain undefined atoms and 
the undefined pair but not undefined lists. In space (3), lists can contain undefined lists but not 
undefined atoms and undefined pairs. In space (4), lists can contain undefined lists and undefined 
pairs, but not undefined atoms. In space (5), as in space (1), lists can contain undefined atoms, 
undefined pairs, and undefined lists. However, space (5) contains a different form of undefined pair 
($\langle \mathit{true}, \langle \mathit{true}, \bot\rangle\rangle$) than spaces (1), (2), and (4). By inspecting a few simple examples, we can easily 
prove that the first four lazy domains are distinct (non-isomorphic); corresponding computations 
yield different answers. In domain (1), we can define: 

(a) the infinite list containing no atoms; 

(b) the infinite sequence containing undefined lists ($\bot$) alternating with zeros; and 

(c) the list consisting of undefined atoms 

by the expressions: 

(a) $\mathit{BigTree} = \mathit{cons}\ \mathit{BigTree}\ \mathit{BigTree}$, 

(b) $\mathit{AltSeq} = \mathit{cons}\ \bot\ (\mathit{cons}\ 0\ \mathit{AltSeq})$, and 

(c) $\bot_{At}$. 

However, in the other three domains (2)-(4), at least one of the corresponding lists does not 
exist. In space (2), AltSeq denotes the undefined pair $\bot_{Pa}$; lists may not contain undefined lists. In 
space (3), both BigTree and $\bot_{At}$ denote the undefined list $\bot$; every defined list must contain a 
defined atom. In space (4), $\bot_{At}$ denotes the undefined list $\bot$; lists cannot contain undefined atoms. 
Hence, domains (1), (2), (3), and (4) are structurally distinct (nonisomorphic); the set of finite 
elements is fundamentally different in each case. 

Although each pair (created by a cons operation) in domain (5) contains a redundant level of 
lifting, domain (5) is isomorphic to domain (1) under the function $h: U \to U$ determined by the 
mapping: 



h = \x. if isL X then x else pair true \\(right° right x). 



The function h simply strips one level of lifting from the representation of every List pair. The 
interested reader should confirm that all of the operations in $O_{List}$ (restricted to their respective 
domains) are preserved by h. 

With the aid of the $\dagger$ operator, we can define an even wider class of lazy list domains. First, 
we can define three more basic variations on lazy lists (spaces (6), (7), and (8) below) completing an 
enumeration of the eight possible ways (spaces (0)-(8) excluding (5)) to include or exclude undefined 
atoms, undefined pairs, and undefined lists. Second, we can define pairing operators that are lazy 
in only one argument (unlike $P_\times$, $P_\boxtimes$). Finally, we can add redundant levels of delayed evaluation 
in the formation of either atomic lists or paired lists analogous to the extra level that appears in 
paired lists in space (5). Since every domain in the final class (involving redundant levels of lifting) 
is isomorphic to a space outside the class, we will not discuss this class any further. 

To facilitate classifying the extra spaces, we rewrite the definitions of the five basic lazy list 
spaces (1)-(5) in terms of the operators $\times$, $\otimes$, $+$, $\oplus$, and $\dagger$: 

(1) $\mathit{List} = \mathit{Atom}^\dagger \oplus (\mathit{List} \times \mathit{List})^\dagger$

(2) $\mathit{List} = \mathit{Atom}^\dagger \oplus (\mathit{List} \otimes \mathit{List})^\dagger$

(3) $\mathit{List} = \mathit{Atom} \oplus (\mathit{List} \times \mathit{List})$

(4) $\mathit{List} = \mathit{Atom} \oplus (\mathit{List} \times \mathit{List})^\dagger$

(5) $\mathit{List} = \mathit{Atom}^\dagger \oplus [(\mathit{List} \times \mathit{List})^\dagger]^\dagger$. 

In this standardized form, the close relationship between space (5) and space (1) is evident. 
The remaining interesting variations on lazy lists are: 

(6) $\mathit{List} = \mathit{Atom}^\dagger \oplus (\mathit{List} \times \mathit{List})$

(7) $\mathit{List} = \mathit{Atom} \oplus (\mathit{List} \otimes \mathit{List})^\dagger$

(8) $\mathit{List} = \mathit{Atom}^\dagger \oplus (\mathit{List} \otimes \mathit{List})$

(9) $\mathit{List} = \mathit{Atom} \oplus (\mathit{List}^\dagger \otimes \mathit{List})$

(10) $\mathit{List} = \mathit{Atom} \oplus (\mathit{List} \otimes \mathit{List}^\dagger)$

(11) $\mathit{List} = \mathit{Atom}^\dagger \oplus (\mathit{List}^\dagger \otimes \mathit{List})$

(12) $\mathit{List} = \mathit{Atom}^\dagger \oplus (\mathit{List} \otimes \mathit{List}^\dagger)$. 

Variation (6) accommodates undefined atoms and undefined lists, but not undefined pairs. Variation 
(7) does exactly the opposite: it accommodates undefined pairs, but not undefined atoms or lists. 
Variation (8) is only marginally lazy: within lists it accommodates undefined atoms, but not undefined 
lists or undefined pairs. Variations (9), (10), (11), (12) all delay the evaluation of only one argument 
of a paired list. As a result, spaces (9) and (11) allow infinitely deep lists but not infinitely long 
ones while spaces (10) and (12) do the opposite. Spaces (9) and (10) prohibit undefined atoms while 
spaces (11) and (12) accommodate them. 
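The computation rules behind this taxonomy can be run directly. The following is an added example, not code from the paper: the strictness of cons in each argument is modelled by forcing or suspending a Python thunk, and a non-convergent evaluation (the undefined list) is detected as Python's RecursionError. It covers the zeros definition discussed earlier and the long/deep distinction between spaces (9) and (10); the names SPACES, probe, zeros and deep are this example's own, and the strictness assigned to each space number follows the text's descriptions of spaces (0), (4), (9) and (10).

```python
BOTTOM = "bottom"  # reported when an evaluation fails to converge

class Pair:
    """A cons cell; each field holds a value or a suspended (unevaluated) thunk."""
    def __init__(self, car_field, cdr_field):
        self.car_field, self.cdr_field = car_field, cdr_field

def force(v):
    # A suspended argument is a zero-argument callable; atoms and pairs are values.
    return v() if callable(v) else v

# (lazy in car, lazy in cdr) for four of the list spaces described in the text.
SPACES = {
    0: (False, False),   # industrious: evaluate both arguments first
    4: (True, True),     # lazy in both arguments, atoms always evaluated
    9: (True, False),    # only the car is delayed
    10: (False, True),   # only the cdr is delayed
}

def make_cons(space):
    """Return the cons operation of the given space."""
    lazy_car, lazy_cdr = SPACES[space]
    def cons(a, d):
        return Pair(a if lazy_car else force(a), d if lazy_cdr else force(d))
    return cons

def car(p):
    p.car_field = force(p.car_field)   # evaluate on first selection, then remember
    return p.car_field

def cdr(p):
    p.cdr_field = force(p.cdr_field)
    return p.cdr_field

def zeros(cons):
    """zeros = cons 0 zeros: an infinitely long list."""
    def z():
        return cons(lambda: 0, z)
    return z

def deep(cons):
    """deep = cons deep 0: an infinitely deep list."""
    def d():
        return cons(d, lambda: 0)
    return d

def probe(space, definition, selectors):
    """Evaluate a recursive definition in a space, apply the selectors in order,
    and report the atom reached, 'pair', or BOTTOM if evaluation diverges."""
    try:
        v = force(definition(make_cons(space)))
        for select in selectors:
            v = select(v)
        return "pair" if isinstance(v, Pair) else v
    except RecursionError:
        return BOTTOM

if __name__ == "__main__":
    for n in SPACES:
        print(n, "zeros:", probe(n, zeros, [cdr, cdr, car]),
              "deep:", probe(n, deep, [car, car, cdr]))
```
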

At this point, the question arises: Which denotational definition of lazy lists corresponds to the 
standard implementation-oriented definition given in the literature [Frie76]? The answer is (4), 
because their space accommodates undefined lists and undefined pairs but not undefined atoms. 

The situation is somewhat more complicated in the case of the semantics presented in [Hend76]. 
Their semantic definition describes a space isomorphic to (1), but the definable data points are 
contained within a subdomain isomorphic to (4), because the operations in their domain cannot 
generate undefined atoms. 



5. Axiomatizing Lazy Data Domains 

Since there are significant differences between various formulations of lazy data domains, it is 
important to develop clear, comprehensive axiomatic definitions for the alternatives. Naively, we 
might attempt to specify a lazy space like: 

(1) $\mathit{List} = \mathit{Atom} + \mathit{List} \times \mathit{List}$

(given an axiomatization for Atom) by devising a list of equations such as those presented in Section 
3 and designating the lazy space as the corresponding initial algebra [ADJ76, 77] (or alternatively the 
corresponding final algebra [Kami80]). From our previous discussion, it seems reasonable to 
conjecture that this task will be deceptively difficult given the variety of lazy spaces available. In 
fact, it is impossible. No recursively enumerable set of equations can specify a non-trivial lazy space 
as either the initial or final algebra corresponding to the specification. We will formally prove this 
fact after we establish a few important properties of lazy spaces. 

Unlike ordinary data domains, lazy spaces have infinite strictly ascending chains of objects 
$d_0 \sqsubseteq d_1 \sqsubseteq d_2 \sqsubseteq \cdots$ (where $\sqsubseteq$ denotes the approximation relation introduced in Section 2) where each 
object $d_i$ is constructed in exactly the same way as $d_{i+1}$ except that $d_i$ uses $\bot$ to approximate 
substructures of $d_{i+1}$. In ordinary industrious data domains (such as LISP Lists), the undefined 
object $\bot$ cannot be embedded inside constructed objects, which precludes the existence of infinite 
ascending chains of successively more complete approximations. 

This apparently small change in the definition of data constructors (e.g., the LISP cons operation) 
profoundly changes the structure of the data domain. Ordinary structural induction, for example, 
no longer holds, because lazy spaces contain the limit elements of infinite ascending chains — which 
cannot be constructed from primitive constants (e.g., atoms) in a finite number of steps. For example, 
in the space of industrious lists, $\mathit{List}_{(0)}$, let the operation leafcount be recursively defined by the 
equation: 

$\mathit{leafcount}(x) = \text{if } \mathit{isAtom}(x) \text{ then } 1 \text{ else } \mathit{leafcount}(\mathit{car}(x)) + \mathit{leafcount}(\mathit{cdr}(x))$, 

where if $\alpha$ then $\beta$ else $\gamma$ abbreviates $\mathit{cond}(\alpha, \beta, \gamma)$ and the addition operation (+) is defined on 
integer atoms in the usual way. Then the following theorem is easily proved by structural induction 
on x: 

$\forall x\ \ x \neq \bot \Rightarrow \mathit{leafcount}(x) > 0$. 

On the other hand, as soon as we extend the space $\mathit{List}_{(0)}$ to include limit points, the principle 
of structural induction fails. In a List space including the object BigTree (such as $\mathit{List}_{(1)}$), the 
preceding theorem is clearly false. 

Since lazy spaces include limit points, they have a much more complex topological structure 
than their industrious counterparts. An important illustration of this phenomenon is the following 
observation. Let Triv denote the trivial subspace of U consisting of the objects true and $\bot$. Although 
the industrious space: 

$\mathit{Trivseq}_{ind} = \mathit{Triv} \otimes \mathit{Trivseq}_{ind}$

is completely degenerate (it contains no elements other than $\bot$), the corresponding lazy space: 

$\mathit{Trivseq} = (\mathit{Triv} \times \mathit{Trivseq})$

is isomorphic to Scott's $P\omega$ model for the untyped lambda calculus under the mapping $\alpha$ defined 
by: 

$\alpha(x) = \{\, i \mid x_i = \mathit{true} \,\}$

where $x_i$ denotes the $i$th element of $x = \langle x_0, x_1, \ldots, x_i, \ldots \rangle$. 

$P\omega$ is the space consisting of all subsets of the natural numbers under the approximation ordering 
defined by the subset relation. If we strengthen the definition of a space by adding the requirement 
that every space must contain a maximum element $\top$ and we weaken the definition of subspace as 
discussed in Section 2.1, then $P\omega$ is a universal space. Hence, $P\omega$ contains a subspace D such that 
D is isomorphic to the space $P\omega \Rightarrow P\omega$. Moreover, if we augment the space $P\omega$ by a very small set 
of operations $Op_\omega$, the resulting domain $P\omega$ is universal. $Op_\omega$ consists of the constant denoting the 
singleton set {0}, the primitive binary operation $\mathit{Apply}: P\omega^2 \to P\omega$ (defined exactly as in Section 
2.3), and the primitive mappings (which are constant operations): 

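$\mathit{succ} : P\omega \Rightarrow P\omega$

$\mathit{pred} : P\omega \Rightarrow P\omega$

$\mathit{cond} : P\omega \Rightarrow (P\omega \Rightarrow (P\omega \Rightarrow P\omega))$

$K : P\omega \Rightarrow (P\omega \Rightarrow P\omega)$

$S : P\omega \Rightarrow (P\omega \Rightarrow (P\omega \Rightarrow P\omega))$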

defined by: 

= {0} 

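$\mathit{succ}\ x = \{e + 1 \mid e \in x\}$

$\mathit{pred}\ x = \{e \mid e + 1 \in x\}$

$\mathit{cond}\ x\ y\ z = \{e \mid e \in y \land 0 \in x\} \cup \{e \mid e \in z \land 1 \in y\}$

$K\ x\ y = x$

$S\ x\ y\ z = (x\ z)(y\ z)$. 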

Surprisingly, all of these operations are recursively definable in a domain containing the lazy subspaces 
Trivseq and Triv together with the obvious "structural" operations: 

$\mathit{true}, \bot : \mathit{Triv}$

$\mathit{por}, \mathit{and} : \mathit{Triv}^2 \to \mathit{Triv}$

$\mathit{cons} : \mathit{Triv} \times \mathit{Trivseq} \to \mathit{Trivseq}$

$\mathit{hd} : \mathit{Trivseq} \to \mathit{Trivseq}$

$\mathit{tl} : \mathit{Trivseq} \to \mathit{Trivseq}$. 

Note that the Cartesian product symbol $\times$ immediately above does not conform to our normal usage 
of the notation: cons is a binary function — not a unary function on pairs. The recursive definitions 
of the operations $Op_\omega$ in Trivseq (which are a bit tedious) appear in the Appendix. 

Since $P\omega$ together with the binary operation $\mathit{Apply}: P\omega^2 \to P\omega$ and mapping constants S and 
K forms a model for the (untyped) lambda calculus (excluding $\eta$-reduction), the lazy space Trivseq 
together with the corresponding operations also constitutes a model for the untyped lambda calculus. 
Trivseq is a particularly attractive model for computer scientists, because it is based on widely 
understood concepts from applicative programming. Lazy spaces are the natural "higher order" 
generalization of familiar recursive data structures. 

We have now developed sufficient machinery to prove the theorem establishing the inadequacy 
of algebraic specification as a formalism for specifying lazy spaces: 

Theorem: Neither initial algebra specifications nor final algebra specifications (consisting of a 
recursively enumerable set of equations) can define non-trivial lazy spaces. 

Proof: We will prove the theorem for the specific lazy space Trivseq, but it is clear that Trivseq can 
be implemented within any non-trivial lazy space D using an abstraction function (homomorphism) 
mapping D onto Trivseq. 

The initial algebra corresponding to a recursively enumerable set of equations A is the set of 
equivalence classes of variable-free terms under the relation MustEqual, where MustEqual(a, b) is 
true iff the sentence a=b is derivable from A by first order deduction. Hence the equality relation 
on variable-free terms is recursively enumerable. Yet the equality relation for a Trivseq is obviously 
not recursively enumerable; otherwise, we could recursively enumerate the set of all pairs of equivalent 
programs (using the untyped $\lambda$-calculus as our programming language) — a set which is obviously not 
recursively enumerable. 

Similarly, the final algebra corresponding to a set of equations A (assuming the final algebra 
exists) is the set of equivalence classes under the complement of the relation CannotEqual where 
CannotEqual(a, b) is true iff the sentence $a \neq b$ is derivable from $A \cup \{\mathit{true} \neq \mathit{false}\}$ by first order 
deduction. Note that if A has no final algebra, then the complement of CannotEqual is not an 
equivalence relation. For a final algebra, the inequality relation is obviously recursively enumerable, 
but again the inequality relation for Trivseq clearly is not. Otherwise, we could recursively enumerate 
the set of all pairs of inequivalent programs (corresponding to unequal partial recursive functions), 
a set which is obviously not recursively enumerable. $\Box$

Since lazy spaces are so similar in structure to $P\omega$, an obvious approach to formulating a logic 
for lazy spaces is to use a higher order logic based on the lambda calculus (similar to Edinburgh 
LCF) that conveniently expresses the properties of $P\omega$. (See [Giles78] for an LCF axiomatization of 
lazy lists.) 

However, we would prefer not to abandon first-order logic for two reasons. First, first-order 
systems (such as first-order Peano arithmetic) based on structural induction provide a simple, elegant 
characterization of ordinary data spaces. The highly successful Boyer-Moore LISP Verifier [Boyer75, 
79] is based on such a first-order system. We would like to extend this approach to handle lazy lists 
as well. Second, the completeness theorem for first order logic provides an invaluable tool for 
analyzing the deductive power of any theory. If a first order theory is too weak to establish a 
particular theorem, there must be a non-standard model in which that theorem is false. In higher 
order logics, on the other hand, a theory may be too weak to prove an important theorem, yet there 
may be no model that refutes it. 



6. A First-Order Theory of Lazy Domains 

The chief obstacle to extending ordinary first-order structural induction theories to lazy domains 
is that conventional structural induction is applicable only to well-founded sets, yet lazy spaces under 
the (proper) containment (substructure) ordering determined by the constructors are not well-founded 
because a limit element (e.g., BigTree) can properly contain itself. Let $\mathbf{D} = \langle D, G\rangle$ be a data 
domain with signature G such that: 

(i) G contains two constants true and false denoting inconsistent finite elements of D and the 
standard ternary conditional function cond defined as in Section 3. 

(ii) G contains a finite set of constructor functions $C = \{c_1, \ldots, c_n\}$ that generate the basis of 
D. In other words, C satisfies the following properties: 

(a) For every basis element $b \in B$, there exists a term $p_b$ composed solely from 
operations in C such that $p_b$ denotes $b$. 

(b) For all $c \in C$, $\forall x_1, \ldots, x_{\#c} \in B\ \ c(x_1, \ldots, x_{\#c}) \in B$. 

(c) For all $c_i, c_j \in C$, 

$\forall x_1, \ldots, x_{\#c_i},\ y_1, \ldots, y_{\#c_j} \in B\ [\, c_i(x_1, \ldots, x_{\#c_i}) \sqsubseteq c_j(y_1, \ldots, y_{\#c_j}) \Rightarrow c_i(x_1, \ldots, x_{\#c_i}) = \bot \lor (\, i = j \land x_1 \sqsubseteq y_1 \land \cdots \land x_{\#c_i} \sqsubseteq y_{\#c_i} \,)\,]$

(iii) For each constructor $c \in C$, G contains selector functions $s_j$, $j = 1, \ldots, \#c$ such that: 

$s_j(c(x_1, \ldots, x_{\#c})) = x_j$ if $c(x_1, \ldots, x_{\#c}) \neq \bot$

and a characteristic function $\mathit{is}_c : D \to \mathit{Bool}$ such that: 

$\mathit{is}_c(x) = \bot$ if $x = \bot$

$\mathit{is}_c(x) = \mathit{true}$ if $x \neq \bot \land c(s_1(x), \ldots, s_{\#c}(x)) = x$

$\mathit{is}_c(x) = \mathit{false}$ otherwise. 

The basis B of D forms a well-founded set under the substructure ordering (which is not an 
approximation ordering) which is the transitive closure of the binary relation: 

$\bigcup_{c \in C} \bigcup_{j=1,\ldots,\#c} \{\, (x_j,\ c(x_1, \ldots, x_{\#c})) \mid x_1, \ldots, x_{\#c} \in B \land c(x_1, \ldots, x_{\#c}) \neq \bot \,\}$

If D is industrious, then D = B, and the substructure ordering $\subset$ on D is the conventional 
well-founded ordering used in the structural induction scheme for D. It is a straightforward (but 
tedious, and error-prone) task to devise a first order axiomatization (comparable in deductive power 
to the first order formulation of Peano's axioms) for an industrious domain D consisting of: 

(1) implications between equations relating the operations in G (e.g., constructors, selectors, 
characteristic functions, if-then-else); 

(2) inequations asserting that the Boolean truth values true, false, and the undefined object 
$\bot$ are all distinct; 

(3) axioms describing the substructure ordering $\subset$ and the approximation ordering $\sqsubseteq$ (which 
are both predicates); 

(4) the structural induction scheme: 

$\bigwedge_{c \in C} [\, \forall x_1, \ldots, x_{\#c}\ (\bigwedge_{i=1,\ldots,\#c} \varphi(x_i) \Rightarrow \varphi(c(x_1, \ldots, x_{\#c})))\,] \Rightarrow \forall x\ \varphi(x)$

or, equivalently, 

$\forall x\ [\forall x'\ (x' \subset x \Rightarrow \varphi(x')) \Rightarrow \varphi(x)] \Rightarrow \forall z\ \varphi(z)$. 

A detailed account of this process appears in [Cart80]. 

The corresponding problem for lazy domains D is much more subtle. If we construct the 
axiomatization described above for a lazy domain D, then the specified space contains only the finite 
objects (basis elements) of the lazy space. (Non-standard models may contain "infinite objects", but 
their behavior does not resemble that of lazy data objects.) The structural induction scheme (4) has 
the effect of banning infinite objects (limit points) from the domain. In fact, if we extend the 
axiomatized structure to include the characteristic predicate IsFin for finite objects and augment the 
axiomatization by a sentence asserting that constructors map finite objects to finite objects, then we 
can prove: 

$\forall x\ \ \mathit{IsFin}(x) = \mathit{true}$

by structural induction. 

As a result, recursive definitions over the domain may not have least fixed points because 
directed sets do not necessarily have least upper bounds. For example, if we consider a domain 
consisting of the finite objects in Trivseq, the function definition: 

$f(x) = \mathit{cons}(\mathit{true}, f(x))$

is contradictory, because we can prove by structural induction that: 

$\forall x, y\ \ x \neq \mathit{cons}(y, x)$

including $x = \bot$! 

If we replace induction scheme (4) by an induction axiom scheme restricted to finite objects: 

(4') $\forall x\ [\mathit{IsFin}(x) \Rightarrow [\forall x' [x' \subset x \Rightarrow \varphi(x')] \Rightarrow \varphi(x)]] \Rightarrow [\forall z\ \mathit{IsFin}(z) \Rightarrow \varphi(z)]$, 

then the lazy space is a model for our axiomatization, but so is the subspace containing only finite 
objects. In such a theory, we could not prove any interesting statements about infinite objects. 



7. A Satisfactory Axiomatization 

The solution to the problem is to augment the axiomatization consisting of (1), (2), (3), and (4') 
above by two additional schemes asserting that: 

(5) Every definable directed set has a least upper bound. 

(6) Every term t(x) over the domain operations G is continuous in the variable x. 

They are formalized as follows. Let $\varphi(u)$ and $t(u)$ be an arbitrary formula and term respectively in 
the language of the data domain and let x, y, z be variables not free in either $\varphi(u)$ or $t(u)$. Let 
$\mathit{Dir}\{t(u) \mid \varphi(u)\}$ abbreviate the formula: 

$\forall x, y\ [\varphi(x) \land \varphi(y) \Rightarrow \exists z(\varphi(z) \land x \sqsubseteq t(z) \land y \sqsubseteq t(z))]$

which asserts that $\{t(u) \mid \varphi(u)\}$ is a directed set. Let $\mathit{lub}\{t(u) \mid \varphi(u)\}(v)$ abbreviate the formula: 

Vx ([(p(x) => t(x) C v] A V4Vx <p(x) => t(x) C z] => t(x) C v 

which asserts that v is the least upper bound of the set $\{t(u) \mid \varphi(u)\}$. (Note that u is not free in either 
$\mathit{Dir}\{t(u) \mid \varphi(u)\}$ or $\mathit{lub}\{t(u) \mid \varphi(u)\}(v)$.) Then the two additional schemes are: 

(5) (the existence of least upper bounds) 

$\mathit{Dir}\{t(u) \mid \varphi(u)\} \Rightarrow \exists v\,[\mathit{lub}\{t(u) \mid \varphi(u)\}(v)]$

(6) (the continuity of functions) 

$\mathit{lub}\{u \mid \varphi(u)\}(v) \Rightarrow \mathit{lub}\{t(u) \mid \varphi(u)\}(t(v))$. 

where $t(u)$ and $\varphi(u)$ are an arbitrary term and formula containing no free variable other than u. 
Scheme (5) asserts that if the set $\{t(u) \mid \varphi(u)\}$ is directed, then it has a least upper bound. Scheme 
(6) asserts that if the set $\{u \mid \varphi(u)\}$ has a least upper bound v, then the function $\lambda u.\ t(u)$ is continuous 
at v. 

Although there are no blatant sources of incompleteness in this axiomatization (consisting of (1), 
(2), (3), (4a), (4b), (5), (6)), it is not obvious that the system is strong enough to prove all of the 
important properties of particular lazy spaces. (For a non-trivial lazy space (e.g., Trivseq) the 
axiomatization is obviously not complete by Gödel's first incompleteness theorem.) For this reason, 
it is interesting to compare the power of our first-order system with the corresponding theory in 
LCF, a logic specifically designed to accommodate "higher order" spaces like $P\omega$. The LCF theory 
looks similar except: 

1. It includes the typed lambda calculus in the term syntax for the logic. 

2. The induction axiom scheme is fixed point induction on recursively defined functions. This 
scheme has the form: 

$\varphi(\bot) \land \forall f\,[\varphi(f) \Rightarrow \varphi(\tau[f])] \Rightarrow \varphi(Y(\lambda f.\ \tau[f]))$

where $\varphi(f)$ is a formula that admits induction on $f$. Fixed-point induction is applicable only to 
admissible formulas, where admissibility is a complex syntactic test (described in [Gord77]) that 
analyzes the types of terms within the formula. 

The closest analog of structural induction in LCF is fixed point induction on a retraction 
characterizing the domain of interest. The fixed point induction scheme has the form: 

(7) $[\forall f\ \varphi(f) \Rightarrow \varphi(\tau[f])] \Rightarrow \varphi(Y(\lambda f.\ \tau[f]))$

where $f$ is a function of type T, $\tau$ is a functional mapping functions of type T to functions of type 
T, $\varphi(f)$ is an admissible formula containing no free variables other than $f$, and Y is the least fixed 
point operator. 

After studying the two systems, we were surprised to discover that our system subsumes LCF 
both in expressiveness and deductive power. In particular, we can systematically translate arbitrary 
LCF statements into equivalent statements in our first order system by: 

(i) Converting all lambda expressions into equivalent expressions formed using the standard 
S and K combinators. 

(ii) Converting all function applications to explicit applications (using the primitive operation 
Apply) of corresponding mapping. 

Unlike many translations between formal systems, this translation does not mutilate the syntactic 
structure of the original formula. In fact, if we use the abbreviated notation for terms described in 
Section 2, the first order translation of an LCF formula is identical to the original formula! 

Under this translation, all of the LCF proof rules and axioms (expressed in terms of translated 
formulas) are derivable in our first-order system. In particular, we can derive the LCF fixed point 
induction scheme for admissible formulas. The derivation critically relies on the structural induction 
scheme for finite objects (4'), the least upper bound scheme (5), and the continuity scheme (6). 

We call the first order analog of fixed-point induction, lazy induction. If we use the abbreviated 
notation described in Section 2, then the lazy induction scheme is identical in appearance to the 
fixed point scheme (7). The formal derivation of lazy induction within our system is a tedious 
induction on the structure of formulas that is beyond the scope of this paper, but the basic idea 
underlying the proof is instructive. 

The admissibility test in LCF ensures that passing to the limit of a directed set (of lazy data 
objects) does not change the meanings of subformulas that determine the truth of the entire formula. 
The idea behind the derivation is that the metamathematical justification for fixpoint induction on a 
function within a particular admissible formula can be translated into a proof in our first order 
system consisting of two parts. The first part utilizes conventional structural induction to establish 
that the formula holds for all finite approximations to the function. The second part extends the 
result to the entire function (an infinite lazy object) by appealing to the definition of admissibility 
and the fact that all functions in the domain are continuous. 

Although the admissibility test required for lazy induction is awkward, the rule can be a useful 
shortcut in certain situations. A particularly important example is lazy induction on the retraction R_D 
characterizing the recursive data type D defined by the domain equation: 

D = D^{n_1} + ... + D^{n_k} 

where n_1, ..., n_k are positive integers. For each component D^{n_i} of D, let isc_i, c_i, and s_{i,j}, j = 1, ..., n_i, 
denote the recognizer, constructor, and selector functions, respectively, used to identify, build, and 
tear apart objects of form D^{n_i} within D. Then R_D is defined by the equation: 

R_D = λx. if isc_1 x then c_1 (R_D∘s_{1,1} x) ... (R_D∘s_{1,n_1} x) ... 

else if isc_k x then c_k (R_D∘s_{k,1} x) ... (R_D∘s_{k,n_k} x) else ⊥. 

When we apply lazy induction to this retraction, the premises of the rule reduce to the premises of 
conventional structural induction for the finite objects of the space. Similarly, the conclusion of the 
rule reduces to an assertion that the hypothesis holds for all objects in D. Hence, if a formula is 
admissible, conventional structural induction establishes the formula holds for all objects in D, not 
just finite ones! 



8. Sample Program Proofs 

Consider the recursive definition: 

append(x, y) = if isAtom x then y else cons(car(x), append(cdr(x), y)) 

over the data domain List(i). The following formula: 

∀x, y, z append(x, append(y, z)) = append(append(x, y), z). 

is obviously true on the domain of finite objects (including ⊥). The proof is a trivial induction on 
the structure of x. Does the same theorem hold for all lazy lists? The answer must be yes, because 
the formula stating the theorem is admissible! Lazy induction enables us to prove theorems about 
lazy spaces using conventional structural induction. 

On the other hand, lazy induction is not sound if the induction formula is not admissible. For 
instance, consider the formula: 

(8) V X € List (_L C zap(jc)) 

where the function zap and the relation C are defined by the formulas: 

zap(x) = if isAtom(x) then ⊥ else cons(car(x), zap(cdr(x))) 

X C >/ «=> (x=y) V (x c y). 

By induction on x, we can trivially "prove" the formula (8), yet it is clearly false for lazy lists since: 

zap(BigTree) = BigTree 

where BigTree is defined as in Section 4. In this case, lazy induction fails because the formula (8) 
is not admissible. 
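
An added illustration (not from the paper), in Python with explicit thunks: zap alters every finite list but leaves an infinite one unchanged, while the associativity of append carries over to infinite lists. Assumptions of this sketch: ⊥ is modeled as a sentinel value, lists are compared through their finite approximations, the infinite list `ones` stands in for BigTree (whose Section 4 definition is not reproduced here), and `approx`, `agree` and the other helper names are introduced for the example.

```python
BOTTOM = "⊥"   # sentinel standing in for the undefined object
NIL = "nil"    # the atom that ends a finite list

class Cons:
    """Lazy cons cell: the tail is a thunk, forced on first access."""
    def __init__(self, car, tail_thunk):
        self.car, self._thunk, self._cdr = car, tail_thunk, None

    @property
    def cdr(self):
        if self._thunk is not None:
            self._cdr, self._thunk = self._thunk(), None
        return self._cdr

def is_atom(x):
    return not isinstance(x, Cons)

def append(x, y):
    if x == BOTTOM:            # the conditional is strict in its test
        return BOTTOM
    return y if is_atom(x) else Cons(x.car, lambda: append(x.cdr, y))

def zap(x):
    return BOTTOM if is_atom(x) else Cons(x.car, lambda: zap(x.cdr))

def from_list(items):
    out = NIL
    for item in reversed(items):
        out = Cons(item, lambda tail=out: tail)
    return out

def ones():
    return Cons(1, ones)       # the infinite list 1, 1, 1, ...

def approx(x, n):
    """Finite approximation of x: everything below depth n becomes ⊥."""
    if n == 0 or is_atom(x):
        return BOTTOM if n == 0 else x
    return (x.car, approx(x.cdr, n - 1))

def agree(a, b, depth):
    """True if a and b have the same finite approximations up to depth."""
    return all(approx(a, n) == approx(b, n) for n in range(depth + 1))

def append_is_associative(x, y, z, depth):
    return agree(append(x, append(y, z)), append(append(x, y), z), depth)
```
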



9. Conclusions and Future Research 

Although implementation-oriented definitions of lazy evaluation provide some insight into the 
behavior of particular computations, they are inadequate as the basis of a logical theory of lazy 
spaces. They also blur subtle but important semantic distinctions between different forms of lazy 
evaluation. Our abstract characterization in terms of domain constructors provides a much clearer 
picture of the mathematical properties of lazy spaces and directly corresponds to a natural formal 
system for reasoning about them. 

Since lazy spaces have essentially the same complex structure as Scott's Pω model of the untyped 
lambda calculus, they cannot be specified by restrictive specification methods such as algebraic 
specification. One approach is to axiomatize lazy spaces within a least fixed point logic such as LCF. 
In this paper we have presented a first-order theory of lazy spaces that we prefer to higher order 
formalizations because it relies on conventional structural induction rather than fixed point induction 
as the fundamental axiom scheme. In our system, the admissibility test for fixed point induction is 
simply a sufficient set of conditions for its derivation. Moreover, our system extends conventional 
structural induction (as implemented in the Boyer-Moore LISP Verifier [Boyer75, 79]) to the context 
of lazy data domains, providing the programmer with a simple intuitive framework for reasoning 
about functions that manipulate lazy data objects. 

Since computable functions have a natural extensional representation as lazily evaluated graphs 
(mappings), our first-order formalization of lazy spaces accommodates function spaces as well. (There 
are still multiple "partial" mappings corresponding to the same function, but the only difference 
between an arbitrary mapping and the canonical one for the equivalence class is that the canonical 
one contains every possible piece of redundant information.) However, we must overcome one major 
obstacle to make our treatment of functions intuitively accessible to programmers: our reliance on 
combinators rather than lambda expressions to denote computable mappings. In response to this 
issue, we are currently developing a collection of combinators that closely correspond to conventional 
lambda notation. 

Appendix: Mapping Pω Onto the Lazy Space Trivseq 

Each data object X in the lazy space Trivseq is an infinite sequence x_0, x_1, ..., x_i, ... in which 
each element x_i is either true or ⊥. In effect, a member of Trivseq is a potentially infinite 
enumeration of natural numbers (the indices of the convergent elements). Consequently, the 
abstraction function α: Trivseq → Pω defined by: 

α(X) = { i | x_i = true } 

establishes a natural isomorphism between the two spaces. 

This appendix contains a recursive program defining the operations Op^^' over Trivseq 
corresponding to the basic operations Op^j of Pω. The style of this program is rather unusual because 
all computations over Trivseq are infinite enumerations in which the subcomputations determining 
individual elements are dovetailed (performed in parallel) — an unfamiliar phenomenon in 
conventional applicative languages such as Pure LISP. 

For the sake of clarity, each individual recursive function definition in the program obeys the 
following syntactic conventions. 

1. Each definition has the form: 

f(x) = informal-definition = formal-definition 
where an informal-definition is a mathematical description of the value of the function and 
formal-definition is the actual body of the function definition. If the formal-definition is 
transparent, then the informal-definition may be omitted. 

2. The names of Trivseq operations (functions that return values of type Trivseq) are 
capitalized; the names of Triv operations (functions that return values of type Triv) are not. 
Triv operations are used as subfunctions within the definitions of the functions in Op^^'. 

3. Variables ranging over Trivseq that are intended to denote arbitrary sets in Pω are 
capitalized. Variables ranging over Trivseq that are intended to denote individual natural 
numbers (singleton sets) are not. No variables range over Triv. 

4. In every unary function application, the parentheses enclosing the argument are omitted. 
Note that this is not the same abbreviation we employed in connection with mappings in the 
main body of the paper. In the following program, every application within an expression is 
explicitly written down; consequently, a chain of unary applications f g h x associates to the 
right [f(g(h(x)))], rather than the left [(((f g) h) x)]. 

5. In informal definitions (comments), the following special notation appears. 

(a) The symbol e_i denotes the finite set in Pω corresponding to the binary coded 
integer i, i.e., 

{ j | bit j in the binary representation of i is 1 } 
where bits are numbered from right to left starting with 0. 

(b) The function symbol ρ denotes the inverse of the function α, i.e., ρ s is the infinite 
sequence denoting the set of natural numbers s. 

(c) The bracketed pair <i, j> abbreviates the arithmetic expression [(i+j)*(i+j+1)]/2 
+ i. The binary function λi, j . <i, j> is a commonly used bijective pairing function. 

Auxiliary Operations 

The following collection of auxiliary operations Oaux are used in the definition of the primitive 
operations Op^j of Pω. 

def X = ∃i ∈ αX = 
hd X por def Tl X 

Plus(I, J) = { i+j | i ∈ αI ∧ j ∈ αJ } = 
Cons(hd I and hd J, Cons([hd Tl I and hd J] por [hd I and hd Tl J], Plus(Tl I, Tl J))) 

Times(I, J) = { i*j | i ∈ αI ∧ j ∈ αJ } = 
Cons([def I and hd J] or [hd I and def J], Plus(Tl I, Times(I, Tl J))) 

Pair(I, J) = { <i, j> | ∃i ∈ α(I) ∧ ∃j ∈ α(J) } = 
Plus(Halve Times(Plus(I, J), Plus(Plus(I, J), Succ 0)), I) 

Fst X = { i | ∃j <i, j> ∈ αX } = 
Fst1(0, X) 

Fst1(k, X) = { i-k | ∃j <i, j> ∈ αX } = 
Cons(anySnd(k, 0, X), Fst1(Succ k, X)) 

anySnd(i, k, X) = ∃j ≥ k [<i, j> ∈ αX] = 
Overlap(Pair(i, k), X) por anySnd(i, Succ k, X) 

Snd X = { j | ∃i [<i, j> ∈ αX] } = 
Snd1(0, X) 

Snd1(k, X) = { j-k | ∃i [<i, j> ∈ αX] } = 
Cons(anyFst(0, k, X), Snd1(Succ k, X)) 

anyFst(k, j, X) = ∃i ≥ k [<i, j> ∈ αX] = 
Overlap(Pair(k, j), X) por anyFst(Succ k, j, X) 

Overlap(I, J) = ∃i [i ∈ αI ∧ i ∈ αJ] = 
hd I and hd J por Overlap(Tl I, Tl J) 

Top = {i} = 
Cons(true, Top) 

odd X = ∃i [2*i+1 ∈ αX] = 
hd Tl X por odd Tl Tl X 

Halve X = { i | 2*i ∈ αX } ∪ { j | 2*j+1 ∈ αX } = 
Cons(hd X por hd Tl X, Halve Tl Tl X) 



XEROX PARC, CSL-83-9, APRIL 1984 




approx(i, X) = e_i ⊆ αX = 
hd i por [([odd i and hd X] por odd Tl i) and approx(Halve i, Tl X)] 

Primitive Operations of Pω 

Recursive definitions for all the operations in Op^^' = { 0, Succ, Pred, Cond, K, S, Apply } in 
terms of the auxiliary operations Oaux appear below. 

0 = {0} = Cons(true, ⊥) 

Succ = GraphSucc 

GraphSucc k = { <i, j>-k | <i, j> ≥ k ∧ j ∈ [α Succ ρ e_i] } = 
Cons( approx(Snd k, Succ Fst k), GraphSucc Succ k ) 

Succ I = { i+1 | i ∈ αI } = Cons(⊥, I) 

Pred = GraphPred 

GraphPred k = { <i, j>-k | <i, j> ≥ k ∧ j ∈ [α Pred ρ e_i] } = 
Cons( approx(Snd k, Pred Fst k), GraphPred Succ k ) 

Pred I = { i | i+1 ∈ αI } = Tl I 

Cond = GraphCond 

GraphCond k = { <i, j>-k | <i, j> ≥ k ∧ j ∈ [α Cond1 ρ e_i] } = 
Cons( approx(Snd k, Cond1 Fst k), GraphCond Succ k) 

Cond1 X = GraphCond1(X, 0) 

GraphCond1(X, k) = { <i, j>-k | <i, j> ≥ k ∧ j ∈ α Cond2(X, ρ e_i) } = 
Cons( approx(Snd k, Cond2(X, Fst k)), GraphCond1(X, Succ k)) 

Cond2(X, Y) = λZ. Cond(X, Y, Z) = GraphCond2(X, Y, 0) 

GraphCond2(X, Y, k) = { <i, j>-k | <i, j> ≥ k ∧ j ∈ α Cond(X, Y, ρ e_i) } = 
Cons( approx(Snd k, Cond(X, Y, Fst k)), GraphCond2(X, Y, Succ k)) 

Cond(I, Y, Z) = { i ∈ αY | 0 ∈ αI } ∪ { j ∈ αY | ∃w w+1 ∈ αI } = 
Cons([hd I and hd Y] por [def Tl I and hd Z], Cond(I, Tl Y, Tl Z)) 

K X = { <i, j> | j ∈ αX } = Pair(Top, Filter X) 

Filter I = { i | e_i ⊆ αI } = Filter1(I, 0) 

Filter1(I, k) = { i-k | i ≥ k ∧ e_i ⊆ αX } = 
Cons(approx(k, I), Filter1(I, Succ k)) 

S = GraphS(0) 

GraphS k = { <i, j>-k | <i, j> ≥ k ∧ j ∈ [α S1 ρ e_i] } = 
Cons( approx(Snd k, S1 Fst k), GraphS Succ k ) 

S1 X = λY. S2(X, Y) = GraphS1(X, 0) 

GraphS1(X, k) = { <i, j>-k | <i, j> ≥ k ∧ j ∈ α S1(X, ρ e_i) } = 
Cons( approx(Snd k, S2(X, Fst k)), GraphS1(X, Succ k) ) 

S2(X, Y) = λZ. S3(X, Y, Z) = GraphS2(X, Y, 0) 

GraphS2(X, Y, k) = { <i, j>-k | <i, j> ≥ k ∧ j ∈ α S3(X, Y, ρ e_i) } = 
Cons( approx(Snd k, S3(X, Y, Fst k)), GraphS2(X, Y, Succ k)) 

S3(X,Y,Z) = Apply(Apply(X, Z), Apply(Y, Z)) 

Apply(F, X) = { j | ∃i <i, j> ∈ F ∧ e_i ⊆ X } = 
Snd Apply1(0, F, X) 

Apply1(F, X, k) = { p-k | p ≥ k ∧ p ∈ F ∧ e_{Fst p} ⊆ X } = 
Cons( test(k, X, F), Apply1(F, X, Succ k) ) 

test(p, X, F) = p ∈ F ∧ e_{Fst p} ⊆ X = 
Overlap(p, F) and approx(Fst p, X) 
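
The informal definitions above (the pairing <i, j>, the finite sets e_i, the graph of an operation, and Apply) worked through on finite sets, as an added Python example that is not the paper's Trivseq program. The helper names `unpair`, `code`, `graph` and `via_graph` are introduced here, and each graph is truncated at a code bound so that it stays finite.

```python
from math import isqrt

def pair(i, j):
    """<i, j> = [(i+j)*(i+j+1)]/2 + i"""
    return (i + j) * (i + j + 1) // 2 + i

def unpair(p):
    """Inverse of pair: recover (i, j) from the code p."""
    s = (isqrt(8 * p + 1) - 1) // 2        # s = i + j
    i = p - s * (s + 1) // 2
    return i, s - i

def e(i):
    """e_i = { j | bit j of i is 1 }, bits numbered from the right."""
    return frozenset(j for j in range(i.bit_length()) if (i >> j) & 1)

def code(s):
    """The integer i with e_i = s, for a finite set s."""
    return sum(1 << j for j in s)

def graph(f, max_code):
    """Finite part of the graph of f: { <i, j> | j in f(e_i), i < max_code }."""
    return frozenset(pair(i, j) for i in range(max_code) for j in f(e(i)))

def apply(F, X):
    """Apply(F, X) = { j | exists i with <i, j> in F and e_i a subset of X }"""
    return frozenset(j for i, j in map(unpair, F) if e(i) <= X)

def succ(I):
    return frozenset(i + 1 for i in I)            # Succ I = { i+1 | i in I }

def pred(I):
    return frozenset(i - 1 for i in I if i > 0)   # Pred I = { i | i+1 in I }

def via_graph(f, X):
    """Compute f(X) for a finite set X by going through the graph encoding."""
    X = frozenset(X)
    return apply(graph(f, code(X) + 1), X)
```

Applying a graph truncated below `code(X) + 1` yields only a subset of f(X), which is the finite-approximation behaviour that the continuity of the operations relies on.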